Cyber Update

Experts Urge Rapid Patching of ‘Struts’ Bug: In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside. KrebsOnSecurity, August 23, 2018

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning: On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries. KrebsOnSecurity, August 17, 2018

Facing New Russian Hacking, Senators Signal They Are Ready to Act: WASHINGTON — Faced with new evidence that Russian hackers are targeting conservative American research groups and the Senate’s own web pages, key lawmakers from both parties signaled on Tuesday that they were ready to move forward with punishing new sanctions legislation capable of crippling the Russian economy. The New York Times, August 21, 2018

New Russian Hacking Targeted Republican Groups, Microsoft Says: BOSTON — The Russian military intelligence unit that sought to influence the 2016 election appears to have a new target: conservative American think tanks that have broken with President Trump and are seeking continued sanctions against Moscow, exposing oligarchs or pressing for human rights. The New York Times, August 21, 2018

Facebook Identifies New Influence Operations Spanning Globe: SAN FRANCISCO — Facebook said on Tuesday that it had identified multiple new influence campaigns that were aimed at misleading people around the world, with the company finding and removing 652 fake accounts, pages and groups that were trying to sow misinformation. The New York Times, August 21, 2018

FBI probes computer hacks in California House campaigns: HUNTINGTON BEACH, Calif. (AP) — The FBI launched investigations after two Southern California Democratic U.S. House candidates were targeted by computer hackers, though it’s unclear whether politics had anything to do with the attacks. New Stage, August 18, 2018

National Cybersecurity

Thinking the unthinkable about responding to cyberattacks: We need better, more aggressive options to deter cyberattacks, since the ones we’ve come up with so far are clearly not deterring our adversaries. I would like to inspire more ambition, aggressiveness, and creativity in the American response. Stewart Baker, Steptoe Cyberblog, August 23, 2018

The U.S. needs to think about the unthinkable on cybersecurity: The United States may have pioneered the idea of fighting wars in cyberspace, but it’s our adversaries who are using cyberattacks most effectively. To deter them, the country needs creative new ways to punish nations if they launch the devastating attacks that are within their grasp. Stewart Baker, The Washington Post, August 21, 2018

Alleged SIM Swapper Arrested in California: Authorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting “SIM swappers,” individuals who specialize in stealing wireless phone numbers and hijacking online financial and social media accounts tied to those numbers. KrebsOnSecurity, August 22, 2018

Categories

Get in touch

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.